North Korean Hackers Stole Massive $626M in Crypto This Year, Mostly from DeFi

On Dec 23, 2022 at 10:30 am UTC

North Korea’s Lazarus Group has been named as being behind some of the biggest DeFi exploits this year, including the Harmony protocol and Axie Infinity hacks.

On Thursday, December 22, South Korea’s main spy agency, the National Intelligence Service, published a new report noting that state-sponsored North Korean hackers have stolen an estimated $1.2 billion in crypto assets since 2017.

Hackers Interested in Crypto

Interestingly, the data reveals that 50% of the total funds stolen, i.e. more than $626 million, have been stolen this year alone from decentralized finance (DeFi) protocols. Of this, nearly $78 million comes from South Korea.

The authoritarian state of North Korea has been suffering from harsh UN sanctions as well as pandemic-related difficulties. As a result, North Korea has increasingly resorted to cybercrime in order to fund its fragile economy and nuclear program.

The National Intelligence Service has warned that North Korean hackers are likely to conduct more cyberattacks the following year and might steal advanced South Korean technologies and other confidential information related to South Korea’s national security and foreign policy.

Speaking on the development, NIS spokesperson Kyunghyang Shinmun told a local news publication that all of the $620 million stolen by North Korean hackers has come through DeFi exploits overseas. “In Korea, virtual asset transactions have been switched to real-name transactions and security has been strengthened, so there is no damage,” added Shinmun.

North Korea and DeFi Exploits

Decentralized Finance (DeFi) protocols have been among the major victims of the multiple large-scale hacks taking place this year. Hackers have drained billions of dollars from DeFi protocols in 2022.

Earlier in April, the US hackers stated that North Korean hackers were responsible for the $620 million worth of crypto theft from Axie Infinity. It was supposedly the largest DeFi hack that took place in the market this year.

Similarly, North Korea’s Lazarus Group has been linked to another high-profile DeFi breach this year which involved draining the Harmony protocol for $100 million. As the North Korean economy continues to struggle, experts believe that such hacks aim to increase the foreign currency reserves of the country. While warning that the North Korean cyberattacks would intensify next year, NIS wrote:

“It is necessary to analyze attacks as closely as defenses. Because one hacker organization has all the attack information and does not forget it. It is necessary to gather information related to malicious code scattered by various attackers to find meaningful insights.”

On the other hand, South Korea is further tightening its rules on cryptocurrencies and related operations this year. Crypto trading exchanges must obtain a license from the FSC to continue their operations.
